Logius outsourced the hosting and infrastructure to Solvinity.
Why did they not mandate national (or at least EU-based) hosting and infra ?
It feels a bit insane in retrospect for such a critical digital service ?
The people who pointed out that none of the moving parts of DigiD should have been outsourced were ignored until the tide shifted this year.
I'm honestly surprised the government decided to intervene. The usual method is to keep on believing in the signed piece of paper until the shit hits the fan (like with the Fyra high speed trains) — never mind that the US (where the buyer is from) is not likely to give a toss about those pieces of paper if they need something from our data.
So you have to weigh the risks of outsourcing to the risk of the whole thing becoming very late and very expensive. The risks around outsourcing are something further down the line, the risks of everything becoming expensive and late are something that will give the responsible politician a headache now.
If the private company is granted a defacto monopoly, it doesn’t matter that they’re a “private” company, they will have the same incentive and accountability problem.
What we know for certain though: Government taking over something is definitionally a monopoly and 99.99% of government employees are not subject to the accountability mechanism of elections.
Historically, the largest boondoggles of waste have always come from government, given they can legally hold a gun to your head and take 50% of everyones money to fund their “projects.” Private companies can’t take your money by force, unless being given those contracts by government. So again, the the incentive issue fundamentally arises from an entity being entitled to gather assets using violence rather than voluntary exchange.
IT is hardly something we need to do occasionally, so build up a department that can do it (not just write up huge reports about what it should do and outsource, like Logius) and invest in the people that will work there (retaining them as much as possible). Give a big middle finger to consultants, and listen to the tech experts. Build boring stuff that works instead of a new app every month.
It's not impossible in theory, and cheaper in the long run. It's impossible because asshats who would actually benefit from left and centre politics keep voting right-wing parties in to power.
They did, and they moved to block the acquisition of the local company handling it. What's unclear in the article?
What I find strange is that the Dutch government does have its own datacenters, e.g. ODC-Noord (1), but they're still looking to outsource the hosting even after the current contract ends in 2027.
It's always better to be able to blame a supplier for something going wrong if you're a senior leader or politician. For some reason, if it does happen no one has to resign.
There is loads of UK Critical National Infrastructure on AWS, probably Azure too. And the Home Office put up £10 million tender to shut down an old data centre not that long ago without a confirmed replacement - https://www.find-tender.service.gov.uk/Notice/018193-2024
> Currently, DigiD is partially managed by Solvinity, a company owned by a British investor
Britain is neither local nor in the EU
I don't see why they should bother with who invests in it, when they have the power to do what they just did and block the acquisition.
American Federal Systems also have European and Indian operators but it gets more restricted depending on what part of the system you're dealing with. Even then, the operators get it wrong.
Many "American" firms are being served by Irish, Bulgarian, and Dutch operators for example. When you get to Fedpod, the restrictions are usually tiered, not all or nothing. It's why US firms got caught with Chinese handling data.
The question isn't should Europe and even America clean it up - it's how much is legitimate national soverignty and how much is going to be straight mercantilism in the Cloud/SaaS sector.
One could say globalists and free marketeers 'embraced' governments.
I hate it, but what can you do, this is sadly what people here keep voting for.
Sadly, I don’t know of a way to influence how our government practices IT. Except maybe to work for Logius. And even then there will be the topic of funding.
IT sovereignty may not have been a topic during elections, but it should be clear to anyone now that the VVD (political party that has been in most governments in the past decades) is a revolving door. When given a choice, they will always prefer letting the market do it/deregulate. This is not limited to IT. Banks, insurance companies, gas companies (Shell), etc. is where they work before they go into politics and/or work after they leave politics.
Some European countries right now have their currency printing and their passport printing outsourced to foreign nations.
These things aren't too unusual.
I do kinda get the China customs system example though, only because if corruption is bad enough that it's a greater concern than opsec, then you're kinda hosed anyways.
You're seeing people wake up to the threat now, with the opposition against Kyndryl and the Nexperia thing.
Somewhat more controversially, I'm also worried about the French government owning large parts of the Dutch defense industry through Thales and Airbus. (And, to a lesser extent, German and Spanish governments.)
Very little of the Dutch defense industry is still Dutch-owned. Only Damen comes to mind.
None of the sharks ultimately ever managed to agree who gets to eat it- because whoever did would upset the balance between the sharks.
But China and America are mega sharks who don't care about balance and want to eat everything or die trying.
France is a lot more socialist luckily.